Pixel Envy

Written by Nick Heer.

Apple Uses Its Malware Removal Tool to Block Vulnerable Versions of Zoom and Its Hidden Local Server

Zack Whittaker, TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Apple said the update does not require any user interaction and is deployed automatically.

Howard Oakley:

According to information given to TechCrunch this evening, Apple says that this update removes the hidden web server installed by previous versions of the Zoom client. If this is the case, it is the first known deployment of MRT to remove a vulnerable product like this, rather than malware. However, TechCrunch doesn’t mention the use of MRT.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

Even if users don’t update their copy of Zoom to the newest version that lacks the silently-installed web server, this step should mean that this serious vulnerability has been closed off.

It’s also notable that Apple now has several avenues by which it can disable software without any user interaction.